Breach and Loss Going Up. Next Stop, GDPR

posted in Disaster Recovery ● 25 Oct 2016

Data breaches and losses are regular headlines, and when they affect millions of individuals it isn’t hard to see why. Several high-profile organisations such as Equifax, Three and various local government organisations in the UK have all been victims of data breaches. So, are organisations prepared for the impending regulations that could see fines for a data breach grow to €20 million?

Global trends show that in 2017 the number of files lost or stolen in data breaches has risen to a level where, 9 months into the year, it already outstrips the number from the year prior. A staggering 1.9 billion records have already been lost or stolen in 2017, equating to an average of 10.4 million records lost or stolen every day. It may not be so surprising to hear that 74% of data loss was directly attributed to cyber-criminals, with a further 8% attributed to internal attacks. The data used for these findings covers only breaches that have been reported, with North America leading the way by a distance. With the GDPR set to take effect in early 2018, this could all change.

Get your Equifa-cts straight

One of the most recent major data breaches has been the Equifax breach, which is known to have affected over 140,000 users and businesses worldwide, including 400,000 in the UK. Equifax had published a white paper on data protection and best practice in the event of a data breach, which spoke of informing data subjects of a breach within a few hours; however, the company waited several months to inform its own customers of its breach. The company’s internal processes have been heavily called into question, and early investigations have already revealed that data was being accessed and stolen by unauthorised persons for several months. Data regulatory authorities worldwide have committed to investigating why the breach was so large and how it took so long to be found. The ICO in the UK was quick to publicly offer Equifax advice on how to deal with the UK consumers affected, and the FBI has reportedly begun its own enquiry.

How much worse could it get?

Breach data can only account for the breaches that are reported to regulatory authorities around the globe. This means smaller breaches are less likely to be reported and some organisations, however well-known they are, may fly under the radar. However, with the introduction of GDPR in May 2018, all organisations that must comply have a duty to report a data breach within 72 hours of it occurring. There is likely to be a huge rise in the number of breaches reported from across Europe, and regulatory authorities such as the ICO in the UK are going to have their hands full. Further to this, cyber-crime is also on the up, and with criminals able to steal data and extort ransoms with relative ease it won’t be a surprise to see more and more headlines about data loss, theft and breach. There are also likely to be several headlines relating to the fines those organisations face afterwards.

Facebook fined

In the run-up to GDPR, regulatory authorities across Europe have been showing signs of strength, and companies, no matter how large, should know that they are serious. Tech giant Facebook has committed to becoming compliant, but that hasn’t stopped it from receiving fines from no fewer than 2 European regulators within a 6-month period. In May 2017, the company received a €150,000 fine from France’s data protection regulator for failing to prevent user data being freely accessed by unauthorised advertisers on its ad platform. Fast-forward to September and the company received a second fine, this time from Spanish authorities, of €1.2 million for failing to comply with data privacy regulations. In a statement, the authority also stated that “Facebook’s privacy policy contains generic and unclear terms… Facebook does not adequately collect the consent of either its users or nonusers, which constitutes a serious infringement.”

Compliance

Redstor is committed to ensuring data is protected throughout its lifecycle and to reducing the threat of data loss or breach. To help partners and customers comply with the upcoming regulation, Redstor has entered a strategic partnership with compliance specialists GDPR365.

GDPR365 is a collaboration and compliance management solution designed to give organisations the tools they need to accurately measure and improve levels of compliance.
